Parliamentary Committee Notes: On-Device Investigative Tools
Question Period Note
Date: August 3, 2022
Classification: Unclassified
Fully releasable (ATIP)? Yes
Branch / Agency: Organization name
Issue:
The Standing Committee on Access to Information, Privacy and Ethics (ETHI) has undertaken a study to determine and identify which "device investigation tools" are being used by the RCMP, which have technological capabilities similar to Pegasus and provide the committee with the name(s) of such software and the terms and conditions of its use.
Proposed Response:
- Encryption is critical to protect financial and other sensitive information of private citizens in our country. However, encryption also serves to enable criminal activity as it often renders the data off devices unintelligible.
- That is why, in extreme cases, and only with judicial authorization from a judge, the RCMP deploys specific technical tools known as On-Device Investigative Tools (ODITs) to gather evidence in priority investigations.
- As you can appreciate, the RCMP cannot divulge some of the technical elements of these tools. However, I can confirm the RCMP does not use the Pegasus application, and the RCMP has the utmost consideration for the privacy of Canadians when using an ODIT.
Background:
The Standing Committee on Access to Information, Privacy and Ethics (ETHI) has undertaken a study it has framed as: to determine and identify which "device investigation tools" are being used by the RCMP, which have technological capabilities similar to Pegasus and provide the committee with the name(s) of such software and the terms and conditions of its use.
Pegasus is software developed by the Israeli company NSO Group that can be covertly installed on mobile phones and other devices. It has not been employed by the RCMP.
Traditionally, the RCMP has intercepted data or communications along the network path between two computing devices, after the data departed the sending device and before it reached the recipient device. Encryption tools have become widely available, so an increasing number of internet transmissions are encrypted before leaving a device. Examples of applications that encrypt data include iMessage, WhatsApp, Telegram, Signal, Kik and Skype.
An ODIT is a computer program, as defined in s.342.1(2) of the Criminal Code, that is installed on a targeted computing device and enables the collection of electronic evidence from the device. Predominantly, ODITs are authorized as part of an ‘omnibus’ Part VI wiretap authorization pursuant to s. 185/6 of the Criminal Code. That authorization permits police to prospectively collect private communications and includes a number of other warrants and orders that authorize the installation and use of ODITs. ODITs can also be used to collect private communications and other evidence that already exists. In those cases, police seek a general warrant pursuant to section 487.01 of the Criminal Code.
Encrypted data that is transmitted can be intercepted; however, the encryption renders it unintelligible. ODITs may be used to obtain this data in a readable format. An ODIT may be used to collect/intercept the data from within the target device while the data is in an unencrypted form. If the targeted device or network is receiving data, the ODIT may collect/intercept the data after it has been received by the device and decrypted. Further to this example, if the targeted device or network is sending data, the ODIT may collect/intercept the data before it is encrypted and sent.
ODITs can otherwise be used to collect evidence from or using the targeted device. For example:
- to covertly copy data stored on a device or available to that device from cloud storage or another networked device,
- to capture data that identifies the user of the device,
- to activate peripheral components of the targeted device, i.e. the camera and microphone, to conduct electronic surveillance.